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DETAILED ACTION 

1 . This action is responsive to communication: amendment filed 12 July 2005 with 
recognition of the original application was filed on 1 December 2000 with a continuing 
application priority date of 09 May 2000. 

2. Claims 55-105 are currently pending in this application. Claim 55, 68, 72, 79, 91, 95, 
102, 104, and 105 are independent claims. Claims 55-105 are new. Claims 1-54 are cancelled, 
amendments to the claims accepted. 

Response to Arguments 

3. Applicant's arguments with respect to claims 55-105 have been considered but they are 
not found persuasive where noted below. The arguments that are not noted below are moot in 
view of new grounds of rejection. 

In response to applicant's argument beginning on page 12, "Claim 55 recites ... 
respective privacy policies to be assigned to different Web pages on the same Web site . . . Hunt, 
however, neither teaches nor suggest a method by which different privacy policies can be 
maintained and applied on different pages in the same Web site of the same enterprise". The 
Office disagrees with argument as shown in the below Office Action, Hunt uses the registration 
agent to querj' the forms requested for registration. The "forms" are interpreted to have the same 
meaning as "Web pages" in addition Hunt explains how a user can specify what information can 
be release to a site and how different fields in the form or forms used can have different privacy 
policies attached. 

In response to applicant's argument beginning on page 13, "Hunt, however, neither 
teaches nor suggest any sort of method for computation of privacy policies, let alone the specific 
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hierarchical method of combining privacy rules over multiple nodes that is recited in new 
claim 68". The Office disagrees with argument "computing" is interpreted to have the same 
meaning as ''determining" as shown below as well as in '855 col. 9, lines 6-29. In addition 
"multiple nodes" is interpreted to have the same meaning as the fields in the forms used in Hunt, 

In response to applicant's argument beginning on page 13, "Claim 71 is a dependent 
claim, which adds the limitation that the privacy rules assigned to each node are represented as 
policy section, which are written XML and comprise an attribute identifying the parent of the 
node". The Office does not agree in Hunt, instead of XML, HTML is used, the nodes as claimed 
are another term for the level of poUcy that the user assigns to a field or attribute of information. 
This shown below in '855 col. 5, line 55 through col. 6, line 5. 

Claim Rejections - 35 USC § 102 
4. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an apphcation for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an apphcation filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language 
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5. Claims 55-57, 59-64, 66-71, 79-81, 83-87, 89, 90-94, and 102-104, are rejected under 
35 U.S.C. 102(e) as being anticipated by Hunt et al. U.S. Patent No. 6,496,855 
(hereinafter '855). 

As to independent claim 55, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col, 2, line 17; 

"providing a linked collection of Web pages, comprising at least first and second 
Web pages, on a Web site maintained by an enterprise, so as to enable a user to exchange 
information with the enterprise via the Web pages" is shown in '855 col. 5, lines 20-33 (i.e. 
"pages" same as "forms"); 

"assigning respective, non-uniform privacy policies to at least some of the Web 
pages regarding use of the information that is exchanged through the Web pages, the 
privacy policies comprising at least a first privacy policy assigned to the first Web page and 
a second, different privacy policy assigned to the second Web page" is disclosed in '855 
col. 7, lines 52-65; 

"providing to the user accessing the first and second Web pages the respective 
privacy policies for the first and second Web page" is taught in '855 col. 6, line 53 through 
col. 7, line 31; 

"and exchanging the information with the user via the Web site subject to the non- 
uniform privacy policies, such that at least a first portion of the information is exchanged 
via the first Web page subject to the first privacy policy, and at least a second portion of 
the information is exchanged via the second Web page subject to the second privacy policy" 

is shown in col. 9, lines 16-45. 
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As to dependent claim 56, "wherein exchanging the information with the user 
comprises receiving private information submitted to the enterprise by the user" is 
disclosed in '855 col. 7, lines 38-61. 

As to dependent claim 57, "wherein receiving the private information comprises 
receiving the user's agreement to at least one of the privacy policies, and recording the 
private information together with an indication of the at least one of the privacy policies 
agreed upon" is taught in '855 col. 7, line 62 through col. 8, line 9. 

As to dependent claim 59, "wherein providing the linked collection of Web pages 
comprises arranging the Web pages in a hierarchy of nodes that comprises a root node, 
such that each of the nodes except for the root node has a parent node in the hierarchy, and 
wherein assigning the privacy policies comprises assigning to each of at least some of the 
nodes, including the nodes associated with the first and second Web pages, one or more 
respective privacy rules regarding use of the information that is associated with the nodes, 
and setting for each of the nodes a node privacy policy that comprises the privacy rules 
assigned to the node combined, for each of the nodes except the root node, with the node 
privacy policy of its parent node" is disclosed in '855 col. 7, lines 1-65. 

As to dependent claim 60, "wherein providing the respective privacy policies 
comprises informing the user who has exchanged the information associated with the first 
Web page subject to the first privacy policy of a difference in the second privacy policy 
relative to the first privacy policy before exchanging the information associated with the 
second Web page" is taught in '855 col. 5, lines 44-45. 
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As to dependent claim 61, "wherein assigning the non-uniform privacy policies 
comprises assigning an initial privacy policy to the first Web page, and subsequently 
making a change in the initial privacy policy so as to assign a modified privacy policy to the 
first Web page, and wherein providing the privacy policies to the user comprises informing 
the user who has exchanged information with the first Web page subject to the initial 
privacy policy of the change" is shown in '855 col. 3, lines 52-67. 

As to dependent claim 62, "wherein informing the user comprises prompting the 
user to provide an input to indicate whether the user accepts or rejects the change" is 
disclosed in '855 col. 5, lines 44-45. 

As to dependent claim 63, "wherein assigning the privacy policies comprises storing 
the privacy policies in a computer server belonging to the enterprise, and wherein 
providing the privacy policies to the user comprises intercepting a request by the user to 
access the first Web page and providing the first privacy policy to the user responsive to 
the request" is shown In '855 col. 2, lines 6-33, 

As to dependent claim 64, "wherein providing the privacy policies comprises 
conveying the policies in a standard form for presentation by a Web browser" is taught in 
'855 coL 5, line 55 through col. 6, line 5. 

As to dependent claim 66, "wherein assigning the non-uniform privacy policies 
comprises determining a rating for each of the policies based on a predetermined rating 
scale" is shown in '855 col. 6, lines 44-64. 

As to dependent claim 67, "wherein assigning the non-uniform privacy policies 
comprises defining first and second user classes and defining, for a given one of the Web 
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pages, (lifTerent first and second class privacy policies, respectively, for the first and second 
user classes, and wherein providing the privacy policies to the user comprises determining 
whether the user belongs to the first or second class, and providing the first or the second 
class privacy policy accordingly" is disclosed in '855 col. 7, lines 52-65. 

As to independent claim 68, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col. 2, line 17; 

'^arranging a body of information in a hierarchy of nodes that comprises a root 
node, such that each of the nodes except for the root node has one or more ancestor nodes 
in the hierarchy" is shown in col. 6, line 44 through col. 7, line 11; (i.e. "body of information" 
same as "user profile", "root node" same as "core profile", "ancestor nodes" same as "site 
specific profile") 

"assigning to each of at least some of the nodes one or more respective privacy rules 
regarding use of the information that is associated with the node" is disclosed in '855 col. 7, 
lilies 62-65; 

"receiving a request from a user to access a given node" is taught in '855 col. 5, lines 

51- 55; 

"computing a node privacy policy for the given node by combining the privacy rules 
assigned to the given node with node privacy policies of the ancestor nodes of the given 
node ill the hierarchy" is shown in '855 col. 6, lines 6-43; 

"providing the computed node privacy policy to the user; and exchanging with the 
user at least a portion of the information that is associated with the given node subject to 
the provided privacy policy" is disclosed in '855 is disclosed in '855 col. 6, lines 44-67. 
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As to dependent claim 69, this claim is substantially similar to dependent claims 56; 
therefore it is rejected along similar rationale. 

As to dependent claim 70, ^'wherein arranging the body of information comprises 
associating the nodes with respective Web pages accessible through a Web site" is shown in 
^855 col. 5, Hnes 20-33 (i.e. "pages" same as "forms"); 

As to dependent claim 71, "wherein assigning the respective privacy rules comprises 
representing the privacy rules assigned to each of the at least some of the nodes as 
respective policy sections, which are written in an extended markup language (XML) and 
comprise an attribute identifying a parent node in the hierarchy" is disclosed in '855 col. 5, 
line 55 through col. 6, line 5. 

As to independent claim 79, this claim is directed to the apparatus for the method of 
claim 55; therefore it is rejected along similar rationale. 

As to dependent claims 80, 81, 83-87, 89, and 90, these claims are substantially 
similar to dependent claims 56, 57, 59-64, 66, and 67; therefore they are rejected along 
similar rationale. 

As to independent claim 91, this claim is directed to the apparatus for the method of 
claijn 68; therefore it is rejected along similar rationale. 

As to dependent claims 92-94, these claims are substantially similar to dependent claims 
69-71; therefore they are rejected along similar rationale. 

As to independent claim 102, this claim is directed to the software program for the 
method of claim 55; therefore it is rejected along similar rationale. 
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As to dependent claims 103, this claim is substantially similar to dependent claim 57; 
therefore it is rejected along similar rationale. 

As to independent claim 104, this claim is directed to the software program for the 
method of claim 68; therefore it is rejected along similar rationale. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

7. Claims 58, 65, 82, 88 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'855 in further view of Itabashi et al. U.S. Patent No. 6,308,203 (hereinafter '203). 

As to dependent claim 58, "querying the application to determine its compliance 
with the at least one of the privacy policies subject to which the requested information was 
received; and providing the requested information subject to the compliance of the 
application with the at least one of the privacy policies" is taught in '855 col. 6, lines 6-14 
"Any system for submitting data to a site on behalf of a user will need certain information about 
the site and its form system, which is termed Site Data Requirements (SDR) ... and needs to 
include at least some of the following information ... 2. what are the site's data privacy policies? 
Is there any relevant third party auditing or accreditation"; 

the following is not taught in '855: "and comprising: intercepting a request from an 
application to use the private information received from the user" however '203 teaches 
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'The information processing apparatus of still another embodiment of the present invention 
further comprises a detection means • . . The information processing apparatus of still yet another 
embodiment of the present invention further comprises another detection means ... for detecting 
unauthorized access to the personal information ... An information processing apparatus of still 
further embodiment of the present invention comprises an access means (for example, step S21 
shown in FIG. 4) for accessing an information processing device of an information provider 
through a server and a control means (for example, step S27 shown in FIG. 4) for controlling the 
provision by the server of personal information stored in a storage means to the information 
processing device of the information provider on behalf of a user when a request for the personal 
information comes from the information processing device of the information provider" in col. 4, 
lines 30-53. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site registration proxy system to include the use of P3P 
format as well as a means to intercept requests. One of ordinary skill in the art would have been 
motivated to perform such a modifications to place emphasis on mobility and low (see '203 col. 
1, lines 49 et seq. and col. 2, lines 36 et seq.). "In addition, a mobile terminal device for 
accessing information or service providers from outside the home is generally designed with 
emphasis placed on mobility and low cost and therefore is inferior in capability ... In carrying out 
the invention and according to yet another aspect thereof, there is provided an information 
processing apparatus comprising: an access means for accessing the information processing 
device of the information provider through the server; and a control means for controllmg the 
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provision of the personal information stored in the storage means to the information processing 
device of the information provider by the server on behalf of any of the plurality of users" . 

As to dependent claim 65, "wherein the standard form comprises a form specified 
by the Platform for Privacy Preferences Project (P3P)" is shown in '203 col. 5, Hnes 24-28 
"The computer group has at least a proxy device 109, a user profile database 1 10 storing 
personal information of plural users, and a user agent (UA) 1 1 1 of P3P (Platform for Privacy 
Preference Project) as a computer program, thereby realizing a proxy agent service capability for 
providing personal information". 

As to dependent claims 82 and 88; these claims are substantially similar to 58 and 65; 
therefore they are rejected along similar rationale. 

8. Claims 72-78, 95-101, and 105, are rejected under 35 U.S.C, 103(a) as being 
unpatentable over '855 in further view of Itabashi et al. U.S. Patent No. 6,308,203 (hereinafter 

'203). 

As to independent claim 72, "A computer-implemented method for privacy 
management, comprising:" is taught in '855 col. 1, lines 55 through col. 2, Hne 17 "According 
to a first aspect of the present invention, in an arrangement comprising at least one computer 
network connecting at least one personal computer being associated with at least one user, a 
method for managing the registration of the user with the at least one service computer, the 
method comprising the steps of gathering registration data for the at least one service computer; 
storing the registration data in at least one data structure on at least one registration agent 
computer connected to the computer network; gathering personal data for the user; storing at 
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least part of the personal data in at lest one data structure on at least one registration agent 
computer connected to the computer network; and in response to a request from the user to 
registration agent computer connected to the computer network to register the user"; 

"providing a linked collection of interactive resources through which a user is able 
to exchange information with an enterprise that provides the resources" is shown in '855 
col. 5, lines 20-33 "Each website that is affiliated with the registration agent site is represented in 
a registration profile database 13 where details of the site registration requirements, including the 
registration forms used by the website, are stored"; 

"at least some of the resources having privacy policies associated there with 
regarding use of the information that is exchanged through the resources" is disclosed in 
'855 col. 7, Hnes 52-65 "The information may be grouped into different categories ... For each 
information group, the user chooses an information policy, which tells the registration agent site 
10 when and to whom the information in that category can be given out"; 

"receiving information from users who access the resources subject to the privacy 
policies" is shown in col. 9, lines 16-45 "An important aspect of the present invention is that it is 
possible for the user to specify a privacy poHcy"; 

"upon receiving the request from the application, querying the application to 
determine compliance of the application with the privacy policies subject to which the 
requested information was received; and providing the requested information to the 
application subject to the compliance of the application with the privacy policies" is taught 
in '855 col. 6, lines 6-14 "Any system for submitting data to a site on behalf of a user will need 
certain information about the site and its form system, which is termed Site Data Requirements 
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(SDR) . . . and needs to include at least some of the following information ... 2. what are the 
site's data privacy policies? Is there any relevant third party auditing or accreditation"; 
the following is not taught in '855: "intercepting a request from an application to use the 
information received from the users; however '203 teaches "The information processing 
apparatus of still another embodiment of the present invention further comprises a detection 
means . . . The information processing apparatus of still yet another embodiment of the present 
invention further comprises another detection means ... for detecting unauthorized access to the 
personal information ... An information processing apparatus of still further embodiment of the 
present invention comprises an access means (for example, step S21 shown in FIG. 4) for 
accessing an information processing device of an information provider through a server and a 
control means (for example, step S27 shown in FIG. 4) for controlling the provision by the server 
of personal information stored in a storage means to the information processing device of the 
information provider on behalf of a user when a request for the personal information comes from 
the information processing device of the information provider" in col. 4, lines 30-53. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the teachings of '855, a Web site registration proxy system to include the use of P3P 
format as well as a means to intercept requests. One of ordinary skill in the art would have been 
motivated to perform such a modifications to place emphasis on mobility and low cost (see '203 
col. 1, lines 49 et seq. and col. 2, lines 36 et seq.). "In addition, a mobile terminal device for 
accessing information or service providers from outside the home is generally designed with 
emphasis placed on mobility and low cost and therefore is inferior in capability ... In carrying out 
the invention and according to yet another aspect thereof, there is provided an information 
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processing apparatus comprising: an access means for accessing the information processing 
device of the information provider through the server; and a control means for controlling the 
provision of the personal information stored in the storage means to the information processing 
device of the information provider by the server on behalf of any of the plurality of users" . 

As to dependent claim 73, "wherein the collection of interactive resources comprises 
a collection of Web pages accessible through a Web site of the enterprise" is shown in '855 
col. 5, lines 20-33 (i.e. "pages" same as "forms") "Each website that is affiliated with the 
registration agent site is represented in a registration profile database 13 where details of the site 
registration requirements, including the registration forms used by the website, are stored". 

As to dependent claim 74, "wherein providing the linked collection of resources 
comprises associating non-uniform privacy policies with the resources, and wherein 
receiving the information comprises receiving and storing different items of the 
information subject to different privacy rules from among the non-uniform privacy 
policies" is disclosed in '855 col. 7, lines 1-65 "a core profile which is a set of data fields 
required by more than one site. Users can have more than one set of core profile data which 
allows them to maintain a set of different "personalities", for example one for work address and 
one for a home address. Other personal data can be stored in site-specific user profiles forming 
part of the user profile structure. These may consist of data which the user has supplied to a 
particular site, but which is not used for other sites. Examples include a user name and password 
for site, or preference data specific to one site ... The mformation may be grouped into different 
categories for example". 
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As to dependent claim 75, "wherein providing the requested information comprises 
checking the compliance of the application with the privacy rules respectively applicable to 
each of the items of the information requested by the application" is taught in '855 col. 6, 
lines 6-14 "Any system for submitting data to a site on behalf of a user will need certain 
information about the site and its form system, which is termed Site Data Requirements (SDR) 
. . . and needs to include at least some of the following information ... 2. what are the site's data 
privacy policies? Is there any relevant third party auditing or accreditation"; 

As to dependent claim 76, "wherein providing the requested information comprises 
determining that the application does not comply with the rules respectively applicable to a 
given item of the information, and refusing to provide the requested information with 
respect to the given item, while providing other information with respect to which the 
application does comply with the respectively applicable rules" is shown in '855 col. 3, lines 
61-67 and col. 5, lines 44-45 "identifying and resolving conflicts between the user's privacy 
preferences and the site's policies" 

As to dependent claim 77, "wherein receiving the information comprises receiving 
the information from first and second users subject to respective first and second privacy 
policies, and wherein providing the requested information comprises checking the 
compliance of the application with both the first and the second privacy policies" is taught 
in '855 col. 6, lines 6-14 "Any system for submitting data to a site on behalf of a user will need 
certain information about the site and its form system, which is termed Site Data Requirements 
(SDR) . . . and needs to include at least some of the following information ... 2. what are the 
site's data privacy policies? Is there any relevant third party auditing or accreditation". 
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As to dependent claim 78, ^'and comprising making a record of the request and of 
the information provided responsive thereto in a log for review in a subsequent privacy 
audit" is taught in '855 col. 7, line 62 through col. 8, line 9 "For each information group, the 
user chooses and information policy, which tells the registration agent site 10 when and to whom 
the information in that category can be given out , . . The user can choose the circumstances 
under which the data they tag as yellow can be given to sites they register with. For example, the 
user may specify that the site must have certain data handling policies in place and perhaps that 
theses policies must be verified by an independent agency". 

As to independent claim 95, this claim is directed to the apparatus for the method of 
claim 72; therefore it is rejected along similar rationale. 

As to dependent claims 96-101 these claims are substantially similar to dependent 
claims 73-78; therefore they are rejected along similar rationale. 

As to independent claim 105, this claim is directed to the software program for the 
method of claim 72; therefore it is rejected along similar rationale. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:00 am to 2:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published appUcations 
may be obtained from either Private PAIR or PubUc PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Iran 
Patent Examiner 
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